And then it's the hacker's fault

An Eicher Motors premium calculator website on a subdomain of Toyota Tsusho Insurance Broker India exposed credentials for a Microsoft corporate cloud account.

The email-sending API was returning its email sending logs to the client, and those logs contained the email account password (sic).

This password could of course be used to sign in to the Microsoft email account "[email protected]", which did not have two-factor authentication enabled.

This account had a record of all the emails they had ever sent to the company's customers: 657,000 emails (~25GB) containing customer information, PDFs of insurance policies, password reset links, OTPs and more.

The hacker was able to gain access to other resources in the company's Microsoft cloud, such as the corporate directory, SharePoint, and Teams.

The hacker informed the company about the vulnerabilities, and Toyota Tsusho Insurance Broker India removed the vulnerable API more than 2 months after it was reported.

But the email password has not been changed yet.

See the hack steps

https://eaton-works.com/2024/01/17/ttibi-email-hack/
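
The leak described above, where the email-sending API returned its sending logs to the client, can be caught with an outbound-response check. The following is an added example, not code from the original page or the affected site. It assumes the leaked log is an SMTP debug transcript using AUTH LOGIN or AUTH PLAIN, which the page does not specify; the sample body and the name `scan_and_redact` are constructed for illustration.

```python
import base64
import re

# Constructed sample (not from the incident): an API response body that
# echoes an SMTP debug transcript back to the browser.
SAMPLE_BODY = "\n".join([
    '{"status": "sent", "log": "',
    "CLIENT -> SERVER: EHLO calc.example.test",
    "CLIENT -> SERVER: AUTH LOGIN",
    "SERVER -> CLIENT: 334 VXNlcm5hbWU6",
    "CLIENT -> SERVER: bm9yZXBseUBleGFtcGxlLnRlc3Q=",
    "SERVER -> CLIENT: 334 UGFzc3dvcmQ6",
    "CLIENT -> SERVER: Y29uc3RydWN0ZWQtcGFzcw==",
    "SERVER -> CLIENT: 235 Authentication successful",
    '"}',
])

CHALLENGE = re.compile(r"\b334 ([A-Za-z0-9+/]+=*)\s*$")
TOKEN = re.compile(r"([A-Za-z0-9+/]{4,}=*)\s*$")
AUTH_PLAIN = re.compile(r"\bAUTH PLAIN ([A-Za-z0-9+/]+=*)")


def scan_and_redact(body):
    """Return (findings, redacted_body) for an outbound response body."""
    findings, out, pending = [], [], None
    for lineno, line in enumerate(body.splitlines(), 1):
        m = AUTH_PLAIN.search(line)
        if m:  # AUTH PLAIN carries user and password in one token
            findings.append((lineno, "auth-plain"))
            line = line[:m.start(1)] + "[REDACTED]" + line[m.end(1):]
        elif pending and (t := TOKEN.search(line)):
            findings.append((lineno, pending))
            line = line[:t.start(1)] + "[REDACTED]"
            pending = None
        elif (c := CHALLENGE.search(line)):
            try:
                prompt = base64.b64decode(c.group(1)).decode("ascii", "replace")
            except ValueError:
                prompt = ""
            # A "Username:" / "Password:" prompt means the next line is a secret
            pending = prompt.rstrip(":").lower() if prompt.endswith(":") else None
        out.append(line)
    return findings, "\n".join(out)
```

Any finding from such a check should fail the build or block the response. Redaction is only a safety net: the fix is to keep mail transport logs on the server.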

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
